
Before the Thanksgiving weekend, the Federal Communications Commission released a plan to gut net neutrality protections. The plan will eliminate the rules that prevent major ISPs from blocking and throttling Internet traffic and setting up pay-to-play structures. In place of those protections, the FCC proposed a mere transparency requirement, allowing ISPs to impose non-neutral practices, as long as they are open about it.

These changes will upend the Internet as we have come to learn, use, and inhabit it. For years, the Internet operated as an equal playing field for major companies, small business owners, hobbyists and anyone else who simply wanted to start or use a website. By removing these rules, the FCC will allow ISPs to enact "fast lanes" on the Internet, where certain websites can be favored over others. One way companies could access those fast lanes is simple: pay more.

Under the new rules, companies that have the most money could pay their way into having their content delivered more quickly. Startups, and smaller websites or apps, will be at a disadvantage.

The best way to help protect the open web is to call and contact your representatives. If you want, you can also take part in various, country-wide events planned for December 7. Help today: speak up.

For a limited time, all donations made to EFF as part of its Power-Up Your Donation campaign will be matched! That means, simply, when you donate $1, EFF receives $2. Donate $2? That becomes $4. And donate $100? Well, okay, you get the idea.

But this double-donation duration only lasts until EFF receives $203,137. We have until December 5 to meet that goal. Every donation helps our organization build privacy-enhancing tools, stop illegal government surveillance, fight censorship, protect the open web, and more.

Working in cooperation with EFF, Fundación Karisma released its third annual ¿Dónde Estan Mis Datos? Report, the Colombian parallel to EFF's Who Has Your Back? The report, which shows some progress in companies that are standing up for their users, is more thorough in its evaluation than years prior. Fundación Karisma reviewed mobile and fixed ISPs on their data practices, as well as corporate policies for gender equality and accessibility, public data breach responses, and HTTPS use.

EFF is representing the Pulitzer Prize-winning newspaper The Stranger to better understand what the government requests from technology companies when seeking user data, and under what legal authorities those requests allegedly apply. The Seattle-based newspaper has petitioned a local, federal court to unseal government requests for electronic surveillance made to some of the region's largest companies, like Amazon and Microsoft.

EFF is proud to announce the latest update to its Street-Level Surveillance project. The latest update includes information and documentation about invasive forms of police surveillance, including automated license plate readers, body-worn cameras, cell-site simulators, drones, and face recognition. These pieces of technology can be found almost everywhere today—on street lamps, on highway overpasses, in cop cars, and in the sky. Learn about who is collecting your data, what they're using it for, and how EFF is fighting it.

EFF released a new version of Panopticlick, a website we developed to help users understand what their Internet browsers know about them. The update includes a test for "Acceptable Ads," an initiative led by Adblock Plus and Adblock to better define non-invasive advertisements. This update led to a retooled privacy policy for Panopticlick. For more information about the updated policy, visit https://panopticlick.eff.org/privacy

EFF launched its Security Education Companion, a set of tools, training manuals and instructions for people who want to teach their communities about digital privacy and security. These resources can empower people to better teach and train some of the trickier, more nuanced topics in cybersecurity, including password creation and management, end-to-end encrypted communications, social media protection, and private Internet browsing.

A federal judge decided that EFF did not need to follow an Australian injunction that ordered us to take down a "Stupid Patent of the Month" blog post. The injunction also barred EFF from speaking about the patent owner's intellectual property ever again. The patent owner, Global Equity Management (SA) Pty Ltd, alleged that EFF published "false and malicious slander." EFF countersued in the U.S. District Court for the Northern District of California, arguing that the post is protected speech. The court agreed. The post remains.

Often, constitutional arguments against Section 702 of the FISA Amendments Act focus on the Fourth Amendment, the right to freedom from unreasonable searches and seizures. But the First Amendment plays an equally important role. In its broadness, NSA surveillance chills speech, assembly, and association.

New Orleans Mayor Mitch Landrieu revealed a high-tech office designed to collect information from surveillance cameras and automated license plate readers located throughout the city. (The New Orleans Advocate)

Protecting and serving should include identifying and patching vulnerabilities in our infrastructure. Not exploiting them. (The New York Times)

Reproduction of this publication in electronic media is encouraged. MiniLinks may not represent the views of EFF.

This newsletter is printed from 100% recycled electrons.

The aim of an argument or discussion should not be victory, but
progress. -- Joseph Joubert

The Senate has approved a terrible bill to extend Section 702 of the FISA Amendments Act—one of the NSA’s most invasive surveillance tools. This vote dealt a significant blow to Americans' Fourth Amendment rights to privacy, and allows for continued, opaque surveillance that hurts Americans and non-U.S. persons abroad for another six years.

But this fight is far from over. The failure in Congress amplifies the importance of EFF's continued fight against broad, unconstitutional surveillance that is taking place in the courts. Our signature litigation against mass surveillance, Jewel v. NSA, has survived multiple challenges and delays by the government, and the court has scheduled additional document delivery in our favor as early as mid-February.
Team Internet Is Far From Done: What’s Next For Net Neutrality and How You Can Help

The Federal Communications Commission voted to repeal net neutrality protections in late November 2017, neglecting the law, the facts, and the voices of millions of Americans.

Still, we fight. In the coming months, we have several paths towards a better tomorrow. By utilizing the Congressional Review Act, we can continue to put pressure on Congress before the FCC's vote is written into law. In court, multiple public interest groups, state attorneys general, and Congress members are preparing legal challenges against the FCC because of the way it flouted rulemaking procedure. And on a state-by-state basis, politicians and lawmakers are already considering legislation that would require net neutrality.
EFF Updates
Dark Caracal: Good News and Bad News

EFF, together with Lookout, uncovered a previously undetected global malware espionage campaign with possible involvement from a foreign government. In a joint report, we detail how attackers used malicious, fake apps to impersonate popular messaging apps like WhatsApp and Signal.

The legitimate messaging apps that people use and trust—like Signal and WhatsApp—have not been compromised in any way. Instead, attackers found ways to duplicate these apps and release fake versions of them on the Android mobile platform.

A new California bill would require cops to obtain judicial approval or parental consent before collecting children's DNA. EFF strongly supports this legislation.

Current California law includes a massive loophole that allows law enforcement to collect children's DNA in many circumstances so long as that DNA data is not stored in any statewide or federal databases. Should local law enforcement choose to collect children's DNA and store it only within their own database, there are few rules to stop them.

The new bill, A.B. 1584, would impose the proper restrictions on local law enforcement and help strengthen privacy protections for California's children.
How to Assess a Vendor’s Data Security

When your company needs a new piece of software—like a tool that scans and sends sensitive documents, or a program that compiles confidential client information—making a decision can be tough. We have several questions you can ask that will help steer you towards the right products, helping you—and your business—maintain digital privacy and security.
California Police Chiefs Misrepresent License Plate Privacy Bill

A California bill that would protect individual privacy is being attacked by state police chiefs who are misrepresenting what the bill does. The bill—S.B. 712—would allow Californians to cover their cars' license plates while their vehicles are parked. Contrary to what state police chiefs say, allowing this practice would not impede Amber Alert investigations or help criminals get away from the police.

As Europe prepares its General Data Protection Regulation ruleset, the authority on online domain name registrations is grappling with what its own rules will look like in the future.

Under current practice, ICANN—which oversees website registration information—requires personal information to be listed on publicly accessible sites called WHOIS directories. This flouts some of the privacy restrictions in Europe's GDPR. Before ICANN comes fully up to speed with GDPR compliance, it has issued three interim solutions. While not perfect, EFF supports at least a variation of one of these solutions.
miniLinks
Software developers blunder into a misunderstanding of sexual consent… and blockchain

A new paper from advocacy organization 7amleh analyzes digital rights violations and threats to Palestinians from their own government. The report also details threats from non-government actors.
Filipino bloggers organize for the right to free expression

59 bloggers in the Philippines have issued a manifesto for free speech in the wake of attempts by the government to shut down news site Rappler for criticizing the president. (Rappler)

Don't Let Congress Censor the Internet
The House of Representatives is about to vote on a bill that would force online platforms to censor their users. The Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA) might sound noble, but it would do nothing to stop sex traffickers. What it would do is force online platforms to police their users’ speech more forcefully than ever before, silencing legitimate voices in the process.

EFF has been opposed to a similar bill called the Stop Enabling Sex Traffickers Act (SESTA). A new amendment is about to combine the worst elements of SESTA and FOSTA into a monster of a bill that would be a disaster for Internet intermediaries, marginalized communities, and even trafficking victims themselves.

If you don’t want Congress to undermine the online communities we all rely on, please take a moment to call your representative and urge them to oppose FOSTA.

John Perry Barlow, Internet Pioneer, 1947-2018
With a broken heart, EFF Executive Director Cindy Cohn announced the passing of EFF Founder John Perry Barlow the morning of February 7th. Barlow was a visionary whose leadership allowed for the developments and proliferation of significant parts of the Internet we all know and love today.

Barlow saw the Internet as a fundamental place for freedom, amplifying voices and allowing each of us to connect with others regardless of physical distance.

We will continue to work toward the realization of John Perry Barlow’s mission of making the Internet into “a world that all may enter without privilege or prejudice accorded by race, economic power, military force, or station of birth… a world where anyone, anywhere may express his or her beliefs, no matter how singular, without fear of being coerced into silence or conformity.”

As more agencies adopt body-worn cameras, many in the law enforcement community hope to use these tools to identify people in the dark, match a person to a police sketch, or even construct an image of a person’s face from a sample of their DNA.

In Face Off, EFF’s recently released report on law enforcement use of face recognition technology, Senior Staff Attorney Jennifer Lynch notes, “People should not have to worry that they may be falsely accused of a crime because an algorithm mistakenly matched their photo to a suspect. They shouldn’t have to worry that their data will end up in the hands of identity thieves because face recognition databases were breached. They shouldn’t have to fear that their every move will be tracked if face recognition is linked to the networks of surveillance cameras that blanket many cities.”

Legislation is needed to place meaningful checks on government use of face recognition, including rules limiting retention and sharing, requiring notification when face prints are collected, ensuring robust security procedures to prevent data breaches, and establishing legal processes governing when law enforcement may collect face images from the public without their knowledge.

In a campaign to reveal how much data law enforcement agencies have collected using automated license plate readers (ALPRs), EFF and Muckrock are filing approximately 1,000 public records requests with agencies that have deals with Vigilant Solutions, one of the nation’s largest vendors of ALPR surveillance technology and software services.

Thanks to the chilling effects of an obscure copyright law—Section 1201 of the Digital Millennium Copyright Act—there’s a whole catalog of devices that are missing from our world. It’s often hard to notice what isn’t there, but we’re aiming to fix that through a little design fiction we call “The Catalog of Missing Devices.”

Google launched a new version of its Chrome browser with what it calls an “ad filter,” which means that it sometimes blocks ads but is not an “ad blocker.” While the filter is intended to dissuade aggressive ad formats, the problem has other dimensions. Whether it’s the use of ads as a vector for malware, the consumption of mobile data plans by bloated ads, or the monitoring of user behavior through tracking technologies, users have a lot of reasons to take action and defend themselves. But these elements are ignored.

In a win for free expression, a court has dismissed a copyright lawsuit against Happy Mutants, LLC, the company behind acclaimed website Boing Boing. From the outset of this lawsuit, we have been puzzled as to why Playboy, once a staunch defender of the First Amendment, would attack a small news and commentary website. Although the decision allows Playboy to try again with a new complaint, it is still a good result for supporters of online journalism and sensible copyright.

A consortium of media and distribution companies calling itself “FairPlay Canada” is lobbying for Canada to implement a fast-track, extrajudicial website blocking regime in the name of preventing unlawful downloads of copyrighted works. The proposal would require service providers to “disappear” certain websites, endangering Internet security and sending a troubling message to the world: it’s okay to interfere with the Internet, even effectively blacklisting entire domains, as long as you do it in the name of IP enforcement.

Over the years, Egyptian journalist Wael Abbas has experienced censorship at the hands of YouTube, Twitter, Facebook, and Yahoo!, four of Silicon Valley’s top companies. Although more extreme, his story isn’t so different from that of the many individuals who find themselves unceremoniously removed from a social platform. Abbas was only able to have his suspensions overturned after contacting EFF. For every prominent journalist documenting injustice who manages to get through their filters, how many more have lost the fight against the censors before they had a chance to reach a wider public?

When kids apply for the Scholastic Art & Writing Awards, they fully transfer the copyright for their submission to Scholastic—even if they don’t win—and often without realizing it. (boingboing)

Your data moves across international borders, and it should be protected at home and abroad. But a new bill in Congress would weaken existing protections, endangering the privacy of your emails, chat messages, and online photos. As Congress debates whether to attach this bill to another must-pass spending bill, we need your help. Tell your representative to reject the CLOUD Act.

The CLOUD Act (S. 2383 and H.R. 4943) would grant foreign and American police unreasonable access to data during cross-border investigations. The CLOUD Act could let police outside the United States grab data stored in the United States, and wiretap phone calls passing through the United States, while ignoring U.S. privacy laws. Foreign police could request data on non-U.S. persons not living in the United States, sending those requests directly to U.S. companies. During this data collection, the targets of these foreign police inevitably will be communicating with Americans. If you happen to be communicating with one of these foreign targets, then foreign police can often share your communications with the U.S. government. Then the U.S. government can use these communications against you, without a warrant, and without notifying them.

Tell your representative today to protect privacy by rejecting the CLOUD Act and any attempts to attach it to must-pass spending legislation.

The Internet we know today is possible because of Section 230 of the Communications Decency Act. Section 230 protects online platforms from liability for some types of speech by their users. Without Section 230, social media would not exist in its current form, and neither would the plethora of nonprofit and community-based online groups that serve as essential outlets for free expression and knowledge sharing.

If Congress undermined Section 230's essential protections by passing The Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA, H.R. 1865), many online platforms would be forced to place substantial restrictions on their users’ speech, censoring a lot of people in the process.

The version of FOSTA that’s passed the House, and is expected to come up for a Senate vote in the next few days, is a Frankenstein combination of an earlier version of FOSTA and a bill called the Stop Enabling Sex Traffickers Act (SESTA). While the name might sound appealing, FOSTA is not needed to fight online sex trafficking. Existing criminal law already allows federal prosecutors to go after online platforms that knowingly play a role in sex trafficking.

It would scare online platforms into censoring their users. Websites run by nonprofits or community groups, which have limited resources to police user content, would face the most risk. Some of the discussions most likely to be censored could be those by and about victims of sex trafficking.

Censorship is not the solution. If you care about preserving the Internet as a place where everyone can gather, learn, and share ideas, it's time to call your senators.

Where awards season ends and Sunshine Week begins, you'll find The Foilies. For the fourth year in a row, EFF is celebrating Sunshine Week by singling out the government officials who stood in the way of transparency, refused to hand over public records, and made ridiculous redactions. No spoilers: to find out who won FOIA Fee of the Year and other awards, you'll need to either click through or pick up a hard copy. (Yes! A hard copy!) Thanks to a partnership with the Association of Alternative Newsmedia, The Foilies run in alt weeklies in select cities throughout the country.

People in marginalized communities who are targets of persecution and violence are using social media to tell their stories, but finding their voices silenced online.

Flawed rules and ambiguous "community standards" have shut down online conversations about racism and harassment of people of color and resulted in the removal of reports about the Syrian war and human rights abuses.

In response, EFF and Visualizing Impact launched Offline/Online, an awareness project that highlights the online censorship of communities across the globe that are struggling or in crisis.

Offline/Online visuals are designed to be posted and shared by activists and concerned citizens, raising awareness about the impact of censorship on marginalized communities.

On March 6, domain name registrar Namecheap relaunched "Move Your Domain Day," modeled after the company's 2012 promotion supporting a boycott of its competitor GoDaddy over GoDaddy's highly unpopular support of SOPA and PIPA. The Stop Online Piracy Act (SOPA) (originally known as the E-PARASITE Act) and its Senate counterpart the PROTECT IP Act (PIPA) (originally the Combating Online Infringement and Copyright Act (COICA)) were a series of bills promoted by Hollywood in the US Congress that would have created a "blacklist" of censored websites. This year's "Move Your Domain" promotion resulted in the transfer of 20,590 domains. $1.50 from each "Move Your Domain Day" registration was donated to EFF, ultimately raising $30,885 toward helping us ensure that internet users around the world have an advocate.

Lawmakers in more than 15 states are considering model legislation that would force device manufacturers to install "obscenity filters" on cell phones, tablets, computers, and any other internet-connected device. In addition to violating consumers' First Amendment rights, and requiring consumers to submit written and documented requests to have filters removed, the bill would burden users with a $20 fee per device to access legal content. Between smartphones, tablets, computers, TVs, gaming consoles, routers and other Internet-enabled devices, consumers could end up paying hundreds of dollars to unlock all the devices in their homes.

What happens when a security researcher discovers a vulnerability in a state's election center and reports the discovery ethically? This is precisely what happened in Georgia, where some of the state's election functions were farmed out to Kennesaw State University. The researcher was cleared after an FBI investigation showed no laws had been broken in the process. But Georgia lawmakers are now trying to rectify the issue with State Bill 315. You might expect S.B. 315 to require stronger protections for state voting data, but in fact, the law would instead criminalize independent computer research. Electronic Frontiers Georgia, a member of the Electronic Frontiers Alliance, is at the center of the resistance to this proposed legislation.

You shouldn't have to wade through complicated privacy settings to ensure that the companies with which you've entrusted your personal information are making reasonable, legal efforts to protect it. But while legislators and regulators scramble to understand the implications of last week's revelation that Facebook allowed third parties to violate users' privacy on an unprecedented scale, users are left with the responsibility to make sure their profiles are as locked down as possible.

Cambridge Analytica, a data analytics company, acquired access to more than 50 million Facebook users' accounts in 2014. The data was collected, shared, and stored without most users' consent. This violation of user privacy was not a data breach. It was in line with Facebook's terms of service and API at the time; this is how Facebook's infrastructure was designed to work.

In addition to raising questions about Facebook's role in the 2016 presidential election, this news is a reminder of the inevitable risks users face when their information is captured, analyzed, indefinitely stored, and shared by a constellation of data brokers, marketers, and social media companies.
How Congress Censored the Internet

EFF and other civil liberties organizations opposed it; sex trafficking experts and sex workers alike explained its flaws, and even the Department of Justice warned Congress not to pass it. This chorus of voices attempted to dissuade Congress, explaining that—though the bill's intent may have been to stop sex trafficking—in execution it would place those it purported to aid at greater risk and undermine the Internet we all know and love. Yet, the Senate voted 97-2 to pass the Allow States and Victims to Fight Online Sex Trafficking Act (FOSTA, H.R. 1865), forcing Internet platforms to censor their users and making trafficking victims less safe.
EFF Updates
Responsibility Deflected, the CLOUD Act Passes

The CLOUD Act, giving U.S. and foreign police new mechanisms to seize data across the globe without a warrant and with few restrictions on using and sharing your information, was never reviewed or marked up by any committee in either the House or the Senate. It never received a hearing. It was never subject to a stand-alone floor vote. Instead, congressional leadership attached this un-vetted, unrelated data bill to the $1.3 trillion government spending bill. Congress has a professional responsibility to listen to the American people’s concerns, to represent their constituents, and to debate the merits and concerns of this proposal. It failed.
EFF Helps Conservation Organization Stand Up To Mining Company

"Irreparable Harm," a short film sponsored by the Southeast Alaska Conservation Council (SEACC), documents Alaska's Admiralty Island National Monument, inhabited by the Tlingit people for thousands of years. It is also home to Hecla's Greens Creek silver mine. The film explores the mine's relationship with its Tlingit neighbors—highlighting pollution levels in traditional Tlingit food sources.

Last month Hecla Mining Company attempted to prevent further screenings of the film, claiming the use of footage from a company promotional video violated the Copyright Act. EFF responded to Hecla’s demands on behalf of SEACC, pointing out what should have been obvious--that the use of short clips in a critical documentary is “a paradigmatic case of fair use.”
Catalog of Missing Devices: Physics Barbie

There’s a whole catalog of devices that are missing from our world. Things we’d pay money for — things you could earn money with — don’t exist thanks to the chilling effects of an obscure copyright law: Section 1201 of the Digital Millennium Copyright Act. This week's entry is Physics Barbie, a talking doll that's been reprogrammed to talk science.
Lucy Parsons Labs Defends Transparency in Chicago

Electronic Frontier Alliance ally Lucy Parsons Lab is a dedicated group of volunteers doing incredible work to protect civil liberties in Chicago and beyond. EFF's Lindsay Oliver sat down with Lucy Parsons Lab co-founder Freddy Martinez to gain a better understanding of the lab and how they use their powers for good.
Senator Wyden Asks NSA Director Nominee the Right Questions

As part of his Senate Confirmation Hearing, Lt. General Paul Nakasone, the new nominee to direct the NSA, faced pointed and necessary questions from Sen. Ron Wyden (D-OR) about how he would lead the spy agency.

Though elusive, Nakasone assured Sen. Wyden that he would "follow the law" and ensure that the NSA would do so as well. Nakasone also conceded that, conditionally, he agreed with encryption experts that tech companies could not modify their encryption to permit law enforcement access without "the bad guys" getting in too.

We hope that, given the opportunity to question Nakasone, additional senators will ask the pointed questions we need answers to about the NSA's still-ongoing Section 702 surveillance program, and how he plans to reconcile the agency's invasive spying program with constitutional rights to privacy.
E-Carceration: Trading Physical for Virtual Prisons

As criminal justice advocates work to abolish cash bail schemes and dismantle the prison industrial complex, one of the many tools touted as an alternative to incarceration is electronic monitoring (EM). While EM's use has expanded, regulation and oversight lag behind. Electronic Monitoring devices—capable of recording and regularly transmitting a subject's location, blood alcohol level and more—raise a range of digital rights and civil liberty concerns.
These concerns are not limited solely to how those facing or convicted of criminal charges may be affected, but how in the absence of responsible guidelines those harms may extend to their families and communities as well. That's why EFF, along with over 50 other organizations, has endorsed the Center for Media Justice's Guidelines for Respecting the Rights of Individuals on electronic monitoring.
miniLinks
How to Turn Off Location Services on Your Smartphone

Technology can make our lives better, or be used to threaten fundamental liberties. Privacy Watch, a member of the Electronic Frontier Alliance, is working to ensure transparency and oversight of police use of spy tech in St. Louis. (The St. Louis American)

In most issues of EFFector, we give an overview of all the work we’re doing at EFF right now. This week, we present a deep dive on the recent Facebook data revelations and Mark Zuckerberg's testimony before Congress.

As the nation searched for answers in the wake of Facebook’s Cambridge Analytica scandal, Mark Zuckerberg testified last week before a joint session of the Senate Judiciary and Commerce Committees as well as the House Energy and Commerce Committee. While many users’ suspicions were affirmed, many important questions went unasked, unanswered, or deflected. Can users trust tech companies to handle their personal information? Can a surveillance-based, advertising-powered platform provide real user privacy protections? If not, how should users, legislators, and the company itself respond?

These have long been important questions for users and platforms to explore. This particular scandal with Facebook and Cambridge Analytica was unique only in that it combined sweeping data collection, indiscriminate sharing, lax safeguards, and manipulative advertising into the perfect privacy storm. Several years ago, Facebook’s Graph API allowed a researcher to engage in voracious collection of millions of people’s data without anything resembling informed consent. Then Facebook failed to step in as Cambridge Analytica subjected that user data to privacy-invasive machine learning techniques for targeted advertising purposes. Perhaps worst of all, Facebook never notified users of a known bad actor’s unauthorized access to their data.

A Pivotal Time for Online Privacy.

When a former Cambridge Analytica employee came forward to the press last month, it broke the dam on over a decade of Facebook privacy concerns.

This Cambridge Analytica fiasco and subsequent fallout serve as a reminder of the serious privacy risks that users face when their personal information is captured, analyzed, indefinitely stored, and shared by a constellation of data brokers, marketers, and social media companies.

Facebook has responded with a stream of statements and changes, from reorganizing privacy settings to locking down APIs to ending relationships with third-party data brokers. But none of these changes have addressed the problem at the core of not only Facebook’s but much of the popular web’s privacy problems: We can’t be full participants in 21st-century social and political discourse without providing advertisers and others a constant stream of our most intimate personal details.

You shouldn’t have to be a settings wizard in order to enjoy a popular platform in a safe, private way. Platforms should protect your privacy by default and by design, collecting information only with your affirmative, informed consent. You should have meaningful control over your information and your experience. And, if you decide that a particular platform isn’t doing a good enough job protecting the data you’ve entrusted it with, you should be able to leave and take all your information with you. These are just a few of the privacy rights that any responsible social media platform should provide for its users.

Word Games in Congress.

Unfortunately, Mark Zuckerberg’s testimony in front of Congress gave us little confidence that the company is committed to providing the transparency and accountability at the foundation of those privacy rights. Instead, the hearings were full of technically accurate but deceptively incomplete word games, as well as hand-waving about AI, confusion about the roles of platforms and ISPs, and shocking inaccuracies about Section 230. Zuckerberg was unable to provide even ballpark answers about the scale at which Facebook tracks users and non-users across the web, and promised that his team would follow up at a later date a whopping 40 times.

With the hearings over, the question remains: What next? Above all, the guiding question should not be: What legislation do we need to make sure there is never another Cambridge Analytica? Rather, we should be asking: What privacy protections are missing, and how can we fill that gap while respecting other essential values like speech, user empowerment, and competition?

What Comes Next.

A knee-jerk urge to slap rules on Facebook risks enshrining it as the sole guardian of our discourse and data, with the quasi-authoritarian power to police speech and squash rivals. It’s important to consider how any reactions to the Cambridge Analytica scandal, legislative or otherwise, might help or hinder potential future competitors. While Facebook has the vast resources to comply with whatever requirements Congress throws at it, smaller start-ups may not.

Facebook’s surveillance business model and data-hungry design have created real problems for its users’ privacy rights. But some of those problems can be fixed. Going forward, we can look for answers in existing laws, pressure from users and investors, and focused legislative steps where necessary. We need to be both creative and judicious to ensure that today’s solutions don’t become tomorrow’s unexpected problems.

The recent scandal may result in significant reimagining of how we share our information online, and what responsibility platforms have to protect their users' information. But, it's certainly not the first time users have questioned their trust in Facebook. (Wired)

In December, the FCC voted to end the 2015 Open Internet Order, which prevented Internet service providers (ISPs) like AT&T and Comcast from violating net neutrality principles. A simple majority vote in Congress can keep the FCC’s decision from going into effect. From now until the Senate votes, EFF, along with a coalition of organizations, companies, and websites, is on red alert and calling on you to tell Congress to vote to restore the Open Internet Order.

On May 3, in the U.S. Capitol Visitor Center, EFF convened a closed-door briefing for Senate staff about the realities of device encryption. While policymakers hear frequently from the FBI and the Department of Justice about the dangers of encryption and the so-called Going Dark problem, they very rarely hear from actual engineers, cryptographers, and computer scientists. EFF's panelists included Dr. Matt Blaze, professor of computer science at the University of Pennsylvania; Dr. Susan Landau, professor of cybersecurity and policy at Tufts University; Erik Neuenschwander, Apple’s manager of user privacy; and EFF’s tech policy director Dr. Jeremy Gillula.

The discussion focused on renewed calls by the FBI and DOJ to create mechanisms to enable “exceptional access” to encrypted devices. Our goal was to give a technical description of how device encryption actually works and answer staff questions about the risks that exceptional access mechanisms necessarily introduce into the ecosystem. EFF's Gillula went last and concluded that in the cat-and-mouse game that is computer security, mandating exceptional access would freeze the defenders’ state of the art, while allowing attackers to progress without limit.

Recently, the European Commission published two legislative proposals that could further cement an unfortunate trend towards privacy erosion in cross-border state investigations. Building on a foundation first established by the recently enacted U.S. CLOUD Act, these proposals compel tech companies and service providers to ignore critical privacy obligations in order to facilitate easy access when facing data requests from foreign governments. These initiatives collectively signal the increasing willingness of states to sacrifice privacy as a way of addressing pragmatic challenges in cross-border access that could be better solved with more training and streamlined processes.

Before rushing to employ algorithms to make decisions, companies should begin by asking five questions:

Will this algorithm influence—or serve as the basis of—decisions with the potential to negatively impact people’s lives?
Can the available data actually lead to a good outcome?
Is the algorithm fair?
How will the results (really) be used by humans?
Will people affected by these decisions have any influence over the system?

Europe's General Data Protection Regulation (GDPR) comes into force on May 25th, and most companies that have users in Europe are scrambling to update their privacy policies and terms of service to avoid breaking this new EU law. It's still an open question whether the rules apply to users living outside the EU, but the changes involve refinements in terminology, how companies need to get permission to use data, and changes in user ability to look at the data itself, change it, and take it with them when they leave.

ISPs claim that the net neutrality principle banning paid prioritization—where an ISP charges websites and applications new fees and relegates those that do not pay to the slow lane—means that they cannot make enough money to upgrade and extend their service. We know this isn't true because the majority of costs for ISPs are in the initial building of their networks, which they have already recouped. And we've recently seen new ISPs build high-speed Internet networks and turn a profit relatively quickly while adhering to net neutrality.

Section 1201 of the Digital Millennium Copyright Act makes tampering with "Digital Rights Management" a legal no-go zone. This scares off inventors and tinkerers from building new tools that should be perfectly legal. EFF details examples of these non-existent technologies in the Catalogue of Missing Devices. EFF supporter Benjamin McLean offered up his "Mashup Maker" as an example. This program would have ripped tracks legally acquired and imported them into a personal library with a built-in editor, making it easier for people to make fair use of these tracks.

Government officials are once again insisting that they still need to compromise our security via a backdoor for law enforcement. Opponents of encryption imagine that there is a “middle ground” approach that allows for strong encryption but with “exceptional access” for law enforcement. Government officials claim that technology companies are creating a world where people can commit crimes without fear of detection.

Despite this renewed rhetoric, most experts continue to agree that exceptional access, no matter how you implement it, weakens security.

In a way, Representative Marsha Blackburn is right that paid prioritization is like TSA Precheck, in that everyone else is stuck in a slow lane while those with money get to breeze past them. (Ars Technica)

Self-driving car companies may not want to share accident data out of fear it will help competitors to progress faster. But the trade-off is a higher level of safety—and it's a trade-off we should demand they make. (Los Angeles)

The Supreme Court denied Personal Audio LLC's petition for review, putting an end to a years-long fight between EFF and the patent troll. Personal Audio had claimed that podcasters like Adam Carolla and other, smaller podcasters infringed its patent for a "system disseminating media content" in serialized episodes. EFF challenged the patent, arguing, among other things, that people were podcasting before Personal Audio first applied for its patent. EFF first won in the Patent Office in 2015, and with the decision from the Supreme Court, this case is finally over and podcasters can cast without fear.

On May 16, the Senate voted to restore the 2015 Open Internet Order and reject the FCC’s attempt to gut net neutrality. The final Senate vote was 52 to 47 in favor. That puts a bare majority of the Senate in step with the 86% of Americans who oppose the FCC’s repeal of net neutrality protections. This is a great first step, but now the fight moves to the House of Representatives.

Under the Congressional Review Act (CRA), a majority vote in Congress can overturn the FCC's rule. With the passage of the CRA measure in the Senate, we're partway to restoring net neutrality protections. However, a majority of the members of the House of Representatives have not committed to voting for it. We have to keep up the momentum that got us a win in the Senate by getting 218 representatives to commit to voting in favor. Take a minute to check where your representative stands, and, if they haven't already, ask them to stand up for net neutrality.

Researchers have developed code exploiting several vulnerabilities in PGP (including GPG) for email and theorized many more which others could build upon. This understandably has caused people to ask many questions. We've attempted to answer some of the most important ones for you, such as what attacks the researchers have found, who was affected by the vulnerabilities, and what to look out for going forward.

We'll continue to update our pages as this situation evolves, so keep checking back on EFF.org.

EFF released a new version of Privacy Badger featuring a new, experimental way to protect your privacy on and, crucially, off Facebook. When you click a link on Facebook, the external link is wrapped in a URL that points back to Facebook.com. Facebook is not alone in this, as companies like Google and Twitter do the same. Facebook goes a step further by hiding that wrapped Facebook.com URL so it looks innocuous, but is still tracking where you go.

To combat this, the latest version of Privacy Badger finds all those wraps as they’re added to the page, replaces them with their "unwrapped" equivalents, and blocks the tracking code that would run when you hover over or click on them.
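The unwrapping step described above can be sketched as follows. This is an added example, not Privacy Badger's own code: the function names are hypothetical, and the wrapper format `https://l.facebook.com/l.php?u=<percent-encoded destination>` is an assumption about how the wrapped links look.

```javascript
// Assumed wrapper format (not taken from the page):
//   https://l.facebook.com/l.php?u=<percent-encoded destination>&h=<token>
const WRAPPER_HOST = "l.facebook.com";
const WRAPPER_PATH = "/l.php";
const SAFE_SCHEMES = new Set(["http:", "https:"]);

// Return the destination hidden inside a wrapped link, or null when the
// href is not a wrapper or the destination is not safe to navigate to.
function unwrapLink(href) {
  let url;
  try {
    url = new URL(href);
  } catch (e) {
    return null; // relative or malformed href
  }
  // Exact host match, so lookalikes such as l.facebook.com.example.net fail
  if (url.hostname !== WRAPPER_HOST || url.pathname !== WRAPPER_PATH) {
    return null;
  }
  const target = url.searchParams.get("u"); // already percent-decoded
  if (!target) return null;
  let dest;
  try {
    dest = new URL(target);
  } catch (e) {
    return null;
  }
  // Never rewrite a link to a javascript:, data: or other non-web scheme
  return SAFE_SCHEMES.has(dest.protocol) ? dest.href : null;
}

// Rewrite anchor-like objects ({ href }) in place and report how many
// were unwrapped. In a browser these would be <a> elements.
function unwrapAll(links) {
  let changed = 0;
  for (const link of links) {
    const dest = unwrapLink(link.href);
    if (dest !== null) {
      link.href = dest;
      changed += 1;
    }
  }
  return changed;
}

// Constructed sample links, for illustration only
const SAMPLE_LINKS = [
  { href: "https://l.facebook.com/l.php?u=https%3A%2F%2Fexample.org%2Farticle%3Fid%3D7&h=CONSTRUCTED" },
  { href: "https://example.org/plain-link" },
  { href: "https://l.facebook.com/l.php?u=javascript%3Avoid(0)" },
  { href: "https://l.facebook.com.example.net/l.php?u=https%3A%2F%2Fexample.org%2F" },
];
```

In a page context the same function would be applied to links as they are added to the document, for example from a `MutationObserver` callback.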

Section 1201 of the Digital Millennium Copyright Act makes it illegal to get around any sort of lock that controls access to copyrighted material. While it is possible to get exemptions to this provision, it's a long and arduous process that still results in burdens being placed on things like repair shops. Because there is copyrighted software in cars, mechanics can be violating the law when they try to get into the diagnostic systems of your car. That's a nightmare scenario, which author John Scalzi was kind enough to write us a science fiction story to illustrate.

A new bill introduced in Congress gets encryption right. The bipartisan Secure Data Act would protect companies that make encrypted mobile phones, tablets, desktop and laptop computers, as well as developers of popular software for sending end-to-end encrypted messages, including Signal and WhatsApp, from being forced to alter their products in a way that would weaken the encryption. The bill also forbids the government from seeking a court order that would mandate such alterations.

In a victory for privacy rights at the border, on May 9, the U.S. Court of Appeals for the Fourth Circuit ruled that forensic searches of electronic devices carried out by border agents without any suspicion that the traveler has committed a crime violate the U.S. Constitution.

EFF will be attending the 36th meeting of the Standing Committee on Copyright and Related Rights of WIPO, the World Intellectual Property Organization. The meeting will discuss a proposed treaty that would give broadcasters exclusive new rights over the material that they broadcast, as well as copyright limitations and exceptions for libraries and archives and for education, and the status of copyright in the digital age.

Join the Electronic Frontier Foundation staff for a drink on Wednesday, May 30 in San Francisco! Raise a glass with EFF attorneys, technologists, and activists and discover our latest work defending your freedom online. EFF's Speakeasy events are free, informal meetups that give you a chance to mingle with local members and meet the people behind the world's leading digital civil liberties organization. It is also our chance to thank you, the EFF members who make this work possible.

As a special treat, the EFF staff will give the crowd a brief update on our work on emerging online rights issues. If you are a current San Francisco Bay Area EFF member accepting email, you will find a personal invitation with location details in your inbox! Space is limited, so reserve your spot. If you are traveling through San Francisco next week and would like to join in, contact membership@eff.org for more information.

We need transparency from the platforms themselves when it comes to how they moderate content online. For now, researchers including Nicolas Suzor have been tracking how the content moderation processes of major platforms are actually working in practice. (Digital Social Contract)

Prison phone company Securus, which markets its location-finding service as a feature for law enforcement and corrections officials, can get real-time location data for nearly any cellphone in the country.